PT-2025-17655 · Totolink · Totolink A950Rg+3
Published
2025-04-23
·
Updated
2025-04-23
·
CVE-2025-28028
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
TOTOLINK A830R version 4.1.2cu.5182 B20201102
TOTOLINK A950RG version 4.1.2cu.5161 B20200903
TOTOLINK A3000RU version 5.9c.5185 B20201128
TOTOLINK A3100R version 4.1.2cu.5247 B20211129
Description
A buffer overflow issue was discovered in the downloadFile.cgi endpoint through the
v5 parameter.Recommendations
For TOTOLINK A830R version 4.1.2cu.5182 B20201102, avoid using the
v5 parameter in the "downloadFile.cgi" endpoint until a fix is available.
For TOTOLINK A950RG version 4.1.2cu.5161 B20200903, restrict access to the downloadFile.cgi endpoint to minimize exploitation risk.
For TOTOLINK A3000RU version 5.9c.5185 B20201128, consider disabling the downloadFile.cgi endpoint temporarily.
For TOTOLINK A3100R version 4.1.2cu.5247 B20211129, refrain from using the vulnerable v5 parameter in the downloadFile.cgi endpoint.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Totolink A3000Ru
Totolink A3100R
Totolink A830R
Totolink A950Rg